Community

    • Login
    • Search
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search

    Community weekly digest ends up in SPAM

    General Discussion
    7
    25
    1327
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • PeterJones
      PeterJones @timint01 last edited by PeterJones

      @donho,

      I just had to go through the SPAM on my personal domain as well.

      # dig +short notepad-plus-plus.org TXT
      "v=spf1 include:spf.mx.hostinger.com include:relay.mailchannels.net ~all"
      # dig -x 104.131.212.184
      ...
      ;; QUESTION SECTION:
      ;184.212.131.104.in-addr.arpa.  IN      PTR
      ;; AUTHORITY SECTION:
      212.131.104.in-addr.arpa. 1773  IN      SOA     ns1.digitalocean.com. hostmaster.212.131.104.in-addr.arpa. 1639587967 10800 3600 604800 1800
      ...
      

      So it appears your DNS’s TXT entry is set to include hostinger.com and mailchannels.net, but not digitalocean.com.
      It might help to change your TXT record in notepad-plus-plus.org to

      v=spf1 include:spf.mx.hostinger.com include:relay.mailchannels.net include:digitalocean.com ip4:104.131.212.184 ~all
      

      For adding the missing DKIM, my ISP had already defined a DKIM entry for me, so I don’t know how to generate it. It should be under the TXT entry for the default._domainkey.notepad-plus-plus.org entry in your DNS; find out more through https://www.google.com/search?q=how+to+add+dkim+record

      For the DMARC, add a TXT entry to _dmarc.notepad-plus-plus.org, with a value v=DMARC1; p=none; … if you want the DMARC system to maybe email you when there are problems, change it to v=DMARC1; p=none; rua=mailto:don.ho@..... (but give it your real email address)

      addenda: commands for checking the DKIM and DMARC:

      dig +short default._domainkey.notepad-plus-plus.org TXT
      dig +short _dmarc.notepad-plus-plus.org TXT
      

      —

      Whoever downvoted @timint01’s message: it was a valid and reasonable report: the SPF/DKIM/DMARC settings are a real problem for outgoing emails. If Don is going to continue to allow the Forum to email users, it should have the SPF/DKIM/DMARC set correctly so that the emails will make it through. Before I fixed those settings on my domain, emails would randomly never even make it to the SPAM filter of the recipient’s email – their server would block it before it got that far. And the mail-tester web address is a valid site which is helpful for debugging such issues: they give you a dummy address to send to, then you mail that address from your server, and they issue your emails a “score”, and break down why your email got that score (including links to authoritative definitions for what those various DNS settings should be); I used it a lot when trying to get my SPF/DKIM/DMARC set up correctly.

      Ekopalypse 1 Reply Last reply Reply Quote 2
      • Ekopalypse
        Ekopalypse @PeterJones last edited by

        @timint01, sorry, I downvoted it - I mistakenly assumed it was another annoying advertising fake post.

        Lycan Thrope PeterJones 2 Replies Last reply Reply Quote 1
        • Lycan Thrope
          Lycan Thrope @Ekopalypse last edited by

          @ekopalypse ,
          To err is human, to really mess up, involve a computer. :-)

          Lee

          1 Reply Last reply Reply Quote 1
          • PeterJones
            PeterJones @Ekopalypse last edited by

            @ekopalypse said in Community weekly digest ends up in SPAM:

            I mistakenly assumed it was another annoying advertising fake post.

            Not a problem. I probably would have done the same if my last couple weeks hadn’t been intimately involved with those same settings and website – because until the holiday week, I had never heard of any of those terms. ;-)

            1 Reply Last reply Reply Quote 2
            • Nicholas
              Nicholas last edited by

              I would be careful about who you allow to send as your primary domain. Any security issues and they could start impersonating admin accounts. You should be using -all at the end of your spf record.

              I would be sending the emails as no-reply@community.notepad-plus-plus.org and adding the TXT record to the community sub domain so it is just this host and no one else.

              I’m not sure if you need to also set the MX record if you don’t intend to receive email for the sub domain. It might affect some spam filters.

              1 Reply Last reply Reply Quote 0
              • donho
                donho @timint01 last edited by

                @timint01

                I just checked in my host, in fact, DKIM was missing and SPF was conflict.

                Obviously these 2 parameters are not initialized. I just initialized them by default, it should be getting better now.

                Please let me know if it’s fixed. If not, I will try to tune it up.

                PeterJones 1 Reply Last reply Reply Quote 0
                • guy038
                  guy038 last edited by guy038

                  Hi, all,

                  As for me, everything seems OK

                  0f2212f8-e640-4075-9dcc-2e9da1b063d9-image.png

                  Best Regards,

                  guy038

                  Ekopalypse 1 Reply Last reply Reply Quote 0
                  • Ekopalypse
                    Ekopalypse @guy038 last edited by

                    @guy038

                    Wow - you are blacklisted, be careful as long as your pseudonym is not Raymond Reddington of course :-D

                    1 Reply Last reply Reply Quote 0
                    • PeterJones
                      PeterJones @donho last edited by PeterJones

                      @donho

                      Please let me know if it’s fixed. If not, I will try to tune it up.

                      When I have the forum send the mail to the tester, it still shows up with the errors:
                      7b9eca04-3879-4bc8-88b7-b46b377fdd1f-image.png

                      And when I poll the DNS using dig for windows (or equivalently with the builtin dig on a linux host I have access to), I still don’t see DKIM (_domainkey) or DMARC (_dmarc) entries for notepad-plus-plus.org’s DNS

                      C:\Users\Peter>dig +short notepad-plus-plus.org TXT
                      "v=spf1 include:_spf.mail.hostinger.com ~all"
                      
                      C:\Users\Peter>dig +short default._domainkey.notepad-plus-plus.org TXT
                      
                      C:\Users\Peter>dig +short _dmarc.notepad-plus-plus.org TXT
                      

                      Or doing the equivalent with Windows’ built-in nslookup:

                      C:\Users\Peter>nslookup -type=txt notepad-plus-plus.org
                      Server:  dns.google
                      Address:  8.8.8.8
                      
                      Non-authoritative answer:
                      notepad-plus-plus.org   text =
                      
                              "v=spf1 include:_spf.mail.hostinger.com ~all"
                      
                      C:\Users\Peter>nslookup -type=txt _dmarc.notepad-plus-plus.org
                      Server:  dns.google
                      Address:  8.8.8.8
                      
                      *** dns.google can't find _dmarc.notepad-plus-plus.org: Non-existent domain
                      
                      C:\Users\Peter>nslookup -type=txt default._domainkey.notepad-plus-plus.org
                      Server:  dns.google
                      Address:  8.8.8.8
                      
                      *** dns.google can't find default._domainkey.notepad-plus-plus.org: Non-existent domain
                      

                      So @donho, if you made changes to the DNS entry for notepad-plus-plus.org, they haven’t propagated to the outside world yet. (Normally the changes only take a few hours; it’s been 23 hours since the message above.)

                      Polling to find out the DNS server:

                      C:\Users\Peter>nslookup -type=ns notepad-plus-plus.org
                      Server:  dns.google
                      Address:  8.8.8.8
                      
                      Non-authoritative answer:
                      notepad-plus-plus.org   nameserver = ns2.dns-parking.com
                      notepad-plus-plus.org   nameserver = ns1.dns-parking.com
                      

                      If I then tell nslookup to use ns1.dns-parking.com as the server for doing the query:

                      C:\Users\Peter>nslookup -type=txt notepad-plus-plus.org ns1.dns-parking.com
                      Server:  UnKnown
                      Address:  162.159.24.201
                      
                      notepad-plus-plus.org   text =
                      
                              "v=spf1 include:_spf.mail.hostinger.com ~all"
                      C:\Users\Peter>nslookup -type=txt default._domainkey.notepad-plus-plus.org ns1.dns-parking.com
                      Server:  UnKnown
                      Address:  162.159.24.201
                      
                      *** UnKnown can't find default._domainkey.notepad-plus-plus.org: Non-existent domain
                      
                      C:\Users\Peter>nslookup -type=txt _dmarc.notepad-plus-plus.org ns1.dns-parking.com
                      Server:  UnKnown
                      Address:  162.159.24.201
                      
                      *** UnKnown can't find _dmarc.notepad-plus-plus.org: Non-existent domain
                      

                      … I got the same answers as with the public DNS server.

                      There shouldn’t be any propagation delay on the “home” DNS servers, since that’s the entry that is being edited. So it looks like whatever changes you made didn’t get saved properly.

                      donho 1 Reply Last reply Reply Quote 0
                      • donho
                        donho @PeterJones last edited by donho

                        @PeterJones said in Community weekly digest ends up in SPAM:

                        So it looks like whatever changes you made didn’t get saved properly.

                        Thank you for your help.

                        Just checked again, it’s saved :

                        8d710f8e-982e-49e4-a76f-92c38c165c7a-image.png

                        As I said, DKIM was missing and SPF was conflict (instead of Active).
                        I guess what I have done is not enough.
                        However, it seems that I cannot change the default settings.

                        On which part I should configure exactly?

                        PeterJones 1 Reply Last reply Reply Quote 0
                        • PeterJones
                          PeterJones @donho last edited by

                          @donho ,

                          I don’t know hostinger’s interface. All I can tell you for sure is that your public SPF record looks like v=spf1 include:_spf.mail.hostinger.com ~all … and if you want the forum emails to properly have the SPF, it will have to be more like what I showed in January (edited for the new hostinger-default text): v=spf1 include:_spf.mail.hostinger.com include:relay.mailchannels.net include:digitalocean.com ip4:104.131.212.184 ~all – the extra includes, and the ip4, will allow addresses associated with the emails from the Community Forum to also be allowed.

                          For the DKIM, I would be curious if the down arrow at least showed the key name and value, even if it doesn’t ;let you edit… that would at least let me probe externally.

                          But looking at your screenshot of the hostinger entry, I would try clicking on the SPF’s down-arrow, and see if that allows you to edit the raw contents. Otherwise, this page may show you different ways to dig into the raw DNS records rather than their top-level GUI, or another page here – It looks like they are both talking about the “zone editor” feature at Hostinger. It looks like Zone Editor gives you access to all of the entries, so you can maybe see what “selector._domainkey” the DKIM is used with (I was suggesting default._domainkey, but maybe hostinger uses another selector). And from that page, you should be able to edit the TXT for the SPF and add a new TXT entry for _dmarc (and give it the value I suggested in January)

                          donho 2 Replies Last reply Reply Quote 0
                          • donho
                            donho @PeterJones last edited by donho

                            @PeterJones

                            I just created don.ho@notepad-plus-plus.org (and it’s the only one account on notepad-plus-plus.org so far.

                            And here is the log of email:

                            176abee5-0810-4489-8620-c2801ce49ee4-image.png

                            I’m wondering if I should create the account like admin and news-noreply ?

                            1 Reply Last reply Reply Quote 0
                            • donho
                              donho @PeterJones last edited by

                              @PeterJones said in Community weekly digest ends up in SPAM:

                              and if you want the forum emails to properly have the SPF, it will have to be more like what I showed in January (edited for the new hostinger-default text): v=spf1 include:_spf.mail.hostinger.com include:relay.mailchannels.net include:digitalocean.com ip4:104.131.212.184 ~all – the extra includes, and the ip4, will allow addresses associated with the emails from the Community Forum to also be allowed.

                              So should I edit it to the value you suggested?

                              afb6423a-7067-44a1-bdb0-1a04912c4031-image.png

                              donho PeterJones 2 Replies Last reply Reply Quote 0
                              • donho
                                donho @donho last edited by

                                @donho said in Community weekly digest ends up in SPAM:

                                So should I edit it to the value you suggested?

                                I’ve just edited the entry I showed you on the screenshot above to the value you suggested, and back to the email section:

                                15c8e874-70fe-4f81-ae10-57aaec5681e8-image.png

                                PeterJones 1 Reply Last reply Reply Quote 1
                                • PeterJones
                                  PeterJones @donho last edited by PeterJones

                                  @donho ,

                                  Yes, I would say to Edit the one you have highlighted to the value I supplied.

                                  And if there’s an Add or New button not shown, I would use that to create a new TXT record with the name _dmarc and the value v=DMARC1; p=none; rua=mailto:don.ho@notepad-plus-plus.org

                                  08036303-254c-4cae-a157-0b815dcf479c-image.png

                                  Also, if you could send me an email (I believe you can look at my profile and see my configured email) from the don.ho@notepad-plus-plus.org address, it should put useful information in the headers, which I can use to help you confirm whether that’s gotten set up right or not.

                                  PeterJones 1 Reply Last reply Reply Quote 1
                                  • PeterJones
                                    PeterJones @donho last edited by

                                    @donho said in Community weekly digest ends up in SPAM:

                                    I’ve just edited the entry

                                    and I can already confirm that change has propagated:

                                    C:\>nslookup -type=TXT notepad-plus-plus.org
                                    Server:  localhost
                                    Address:  127.0.0.1
                                    
                                    Non-authoritative answer:
                                    notepad-plus-plus.org   text =
                                    
                                            "v=spf1 include:_spf.mail.hostinger.com include:relay.mailchannels.net include:digitalocean.com ip4:104.131.212.184 ~all"
                                    

                                    that alone should help. And I think if you can add the _dmarc entry, that will help also.

                                    donho 1 Reply Last reply Reply Quote 1
                                    • donho
                                      donho @PeterJones last edited by donho

                                      @PeterJones said in Community weekly digest ends up in SPAM:

                                      that alone should help. And I think if you can add the _dmarc entry, that will help also.

                                      There’s control for adding entry:

                                      063362f1-8da7-4b46-b927-e92df228aad0-image.png

                                      But what kind of info should I provide to the 3 first case?

                                      PeterJones 1 Reply Last reply Reply Quote 0
                                      • PeterJones
                                        PeterJones @donho last edited by

                                        @donho ,

                                        TYPE should be TXT
                                        NAME should be _dmarc or _dmarc. (different interfaces differ on whether or not they want the . after the name)
                                        POINTS TO should be the value v=DMARC1; p=none; rua=mailto:don.ho@notepad-plus-plus.org

                                        donho 1 Reply Last reply Reply Quote 0
                                        • donho
                                          donho @PeterJones last edited by

                                          Done:

                                          9d416804-c07e-45c2-ad81-e522aa0aa818-image.png

                                          Could you check now?

                                          PeterJones 1 Reply Last reply Reply Quote 0
                                          • PeterJones
                                            PeterJones @PeterJones last edited by

                                            @PeterJones said in Community weekly digest ends up in SPAM:

                                            if you could send me an email (…, it should put useful information in the headers, which I can use to help you confirm whether that’s gotten set up right or not.

                                            I can confirm that the email arrived and had a valid DKIM signature. (It also told me that it’s under hostingermail-a._domainkey.notepad-plus-plus.org, so it is using a different selector than I was looking for.)

                                            C:\Users\peter.jones\Downloads\TempData\nppCommunity\garden>nslookup -type=TXT hostingermail-a._domainkey.notepad-plus-plus.org
                                            Server:  localhost
                                            Address:  127.0.0.1
                                            
                                            Non-authoritative answer:
                                            hostingermail-a._domainkey.notepad-plus-plus.org        canonical name = hostingermail-a.dkim.mail.hostinger.com
                                            hostingermail-a.dkim.mail.hostinger.com text =
                                            
                                                    "v=DKIM1;k=rsa;p=MIIBIjANB...."
                                            

                                            So yes, DKIM is now set up correctly on those.

                                            I will give a bit of time to allow more propagation of DNS (it’s not instant all over), and then try to get the Community to send me another confirmation email, and see if it’s now doing the DKIM correctly from the forum as well.

                                            1 Reply Last reply Reply Quote 1
                                            • First post
                                              Last post
                                            Copyright © 2014 NodeBB Forums | Contributors